*** This bug is a security vulnerability ***
Public security bug reported:
Cross-site scripting (XSS) vulnerability in
actionpack/lib/action_view/helpers/form_options_helper.rb in the select
helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x
before 3.2.2 allows remote attackers to inject arbitrary web script or HTML
via vectors involving certain generation of OPTION elements within SELECT
elements.
** Affects: ruby-actionpack-2.3 (Ubuntu)
Importance: Undecided
Status: New
** Affects: ruby-actionpack-2.3 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Affects: ruby-actionpack-2.3 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: ruby-actionpack-2.3 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: ruby-actionpack-2.3 (Ubuntu Precise)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1099
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1030984
Title:
CVE-2012-1099: Cross-site scripting (XSS) vulnerability
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby-actionpack-2.3/+bug/1030984/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
